Dan Goodin of Ars Technica reports that the DDoS attack targeted XML-RPC in WordPress sites. XML-RPC allows pingbacks, trackbacks, and remote access via certain software. The hackers found a vulnerability in it and were able to launch this huge attack with minimal resources.

The WordPress site that was under attack was down for many hours, forcing the host to shut them down. Further investigation found that it was an “HTTP-based (layer 7) distributed flood attack, sending hundreds of requests per second to their server.”

Are You At Risk?

Imagine your site being one of these 162,000 that attacked another site. How would it make you feel to know that your website helped take down someone else's?

The people who owned these sites were victims of a hacker's plot. But where does the responsibility begin and where does it end?

Here’s what two leading experts say about the issue.

Poor Internet hygiene, not increased cybercrime, is what’s really to blame for the increased botnet traffic the online world is battling, say cybersecurity experts Tom Kellermann and Rod Rasmussen. Because end users are not keeping software and patches on their computers and websites – such as blogs built on WordPress – up to date, cybercriminals have found the devices and sites easy to compromise, the two say during this interview with Information Security Media Group.

via Stop Breaches? Improve Internet Hygiene

Because this particular attack targeted the pingback feature, if pingbacks are enabled on your site then YES, you would be at risk. This feature is turned on by default and needs to be turned off in order to close this loophole. You can do this manually or by using a security plugin.
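One way to take the manual route, shown as an added example that is not from the original article: a small must-use plugin that removes the pingback methods from the XML-RPC server and leaves the rest of XML-RPC working. The file name and location are assumptions; the hooks used are WordPress core filters.

```php
<?php
/**
 * Plugin Name: Disable XML-RPC Pingbacks (added example)
 *
 * Assumed location: wp-content/mu-plugins/disable-pingbacks.php
 * Files in mu-plugins load on every request and cannot be switched
 * off from the admin screen.
 */

// Refuse to run if the file is requested directly rather than loaded by WordPress.
defined( 'ABSPATH' ) || exit;

// Remove the pingback methods from the XML-RPC method table. A request for
// pingback.ping is then rejected as an unknown method, so the site no longer
// fetches a URL chosen by the caller. Other XML-RPC methods (for example
// remote publishing clients) are left in place.
add_filter( 'xmlrpc_methods', function ( $methods ) {
    unset( $methods['pingback.ping'] );
    unset( $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// Stop advertising the pingback endpoint in the HTTP response headers.
add_filter( 'wp_headers', function ( $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );

// Report pings as closed for every post, including posts published before
// the site-wide default was changed. Note that "pings" covers trackbacks
// as well as pingbacks, so this closes both.
add_filter( 'pings_open', '__return_false', 20 );
```

To confirm the change, send an XML-RPC `system.listMethods` call to your own site's `xmlrpc.php` and check that `pingback.ping` is no longer in the returned list.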

How to Prevent a DDoS Attack

The best way to prevent such an attack is to ensure that your WordPress site is up to date. But that alone is not enough. You need to protect your site. You need to block the attacks as they come. And they will come.

Thousands of WordPress sites are attacked every single day and it is not a matter of if, but rather when. Let’s all do our part in keeping hackers at bay and keeping our WordPress sites safe.